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Abstract. We continue the investigation of parameterized extensions 
of Linear Temporal Logic (LTL) that retain the attractive algorith¬ 
mic properties of LTL: a polynomial space model checking algorithm 
and a doubly-exponential time algorithm for solving games. Alur et al. 
and Kupferman et al. showed that this is the case for Parametric LTL 
(PLTL) and PROMPT-LTL respectively, which have temporal operators 
equipped with variables that bound their scope in time. Later, this was 
also shown to be true for Parametric LDL (PLDL), which extends PLTL 
to be able to express all tj-regular properties. 

Here, we generalize PLTL to systems with costs, i.e., we do not bound 
the scope of operators in time, but bound the scope in terms of the 
cost accumulated during time. Again, we show that model checking and 
solving games for specihcations in PLTL with costs is not harder than 
the corresponding problems for LTL. Finally, we discuss PLDL with costs 
and extensions to multiple cost functions. 


1 Introduction 

Parameterized linear temporal logics address a serious shortcoming of Linear- 
temporal Logic (LTL) [25]: LTL is not able to express timing constraints, e.g., 
while G{q ^ Fp) expresses that every request q is eventually answered by a 
response p, the waiting time between requests and responses might diverge. This 
is typically not the desired behavior, but cannot be ruled out by LTL. 

To overcome this shortcoming, Alur et al. introduced parameterized LTL 
(PLTL) [T], which extends LTL with parameterized operators of the form F<a, 
and G<y, where x and y are variables. The formula G{q F<xP) expresses that 
every request is answered within an arbitrary, but fixed number of steps a{x). 
Here, a is a variable valuation, a mapping of variables to natural numbers. Typ¬ 
ically, one is interested in whether a PLTL formula is satisfied with respect to 
some variable valuation. For example, the model checking problem asks whether 
a given transition system satisfies a given PLTL specification ip with respect to 
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some a, i.e., whether every path satisfies Lp with respect to a. Similarly, solving 
infinite games amounts to determining whether there is an a such that Player 0 
has a strategy such that every play that is consistent with the strategy satis- 
hes the winning condition with respect to a. Alur et al. showed that the PLTL 
model checking problem is PSPACE-complete. Kupferman et al. later considered 
PROMPT-LTL , which can be seen as the fragment of PLTL without the pa¬ 
rameterized always operator, and showed that PROMPT-LTL model checking is 
still PSPACE-complete and that PROMPT-LTL realizability, an abstract notion 
of infinite game, is 2ExpTiME-complete. While the results of Alur et al. relied 
on involved pumping arguments, the results of Kupferman et al. where all based 
on the so-called alternating-color technique, which basically allows to reduce 
PROMPT-LTL to LTL. Furthermore, the result on realizability was extended 
to infinite games on graphs |d8j . again using the alternating-color technique. 

Another serious shortcoming of LTL (and its parameterized variants) is their 
expressiveness: LTL is equi-expressive to first-order logic with order m and 
thus not as expressive as w-regular expressions. This shortcoming was addressed 
by a long line of temporal logics |l8l24la4l;fKld71 with regular expressions, finite 
automata, or grammar operators to obtain the full expressivity of the w-regular 
languages. One of these logics is Linear Dynamic Logic (LDL), which has tem¬ 
poral operators (r) and [r], where r is a regular expression. For example, the 
formula [rg] (g ^ {fi) p) holds in a word w, if every request at a position n such 
that wq ■ ■ ■ Wn-i matches rg, there is a position n' > n such that p holds at 
n' and Wn - ■ ■ Wn'-i matches ri. Intuitively, the diamond operator corresponds 
to the eventuality of LTL, but is guarded by a regular expression. Dually, the 
box operator is a guarded always. Although LDL is more expressive than LTL, 
its algorithmic properties are similar: model checking is PS PACE-complete and 
solving games is 2ExpTiME-complete [34] . 

There are temporal logics whose expressiveness goes even beyond the w- 
regular languages to capture properties of recursive programs, which are typically 
w-contextfree. The visibly w-contextfree languages [2] are an important class of 
languages located between the w-regular ones and the w-contextfree ones that 
enjoys desirable closure properties, which make it suitable to be employed in ver¬ 
ification. Temporal logics that capture this class are visibly LTL m, the fixed- 
point logic VP-pTL [9], and visibly LDL (VLDL) [36]. The logic visibly LTL 
enhances LTL with visibly rational expressions El, and VP-pTL extends the 
linear-time ^-calculus [33] with non-local modalities. Finally, VLDL has the 
same temporal operators as LDL, but allows to use visibly pushdown automata 
instead of regular expressions as guards. For all these logics, model checking 
is ExpTiME-complete, i.e., (under standard complexity theoretic assumptions) 
harder than the model checking problem for LTL. Furthermore, solving games 
with VLDL winning conditions is SExpTiME-complete, again harder than solv¬ 
ing LTL games. Thus, going beyond the w-regular languages does increase the 
complexity of these problems at last. 

All these logics tackle one shortcoming of LTL, but not both simultaneously. 
This was achieved for the first time by adding parameterized operators to LDL. 




The logic, called parameterized LDL (PLDL), has additional operators {r)^^ 
and [r\^y with the expected semantics: the variables bound the scope of the 
operator. And even for this logic, which has parameters and is more expres¬ 
sive than LTL, model checking is still PSPACE-complete and solving games is 
2ExpTiME-complete m- Again, these problems were solved by an application 
of the alternating-color technique. One has to overcome some technicalities, but 
the general proof technique is the same as for PROMPT~LTL. 

The decision problems for the parameterized logics mentioned above are 
boundedness problems, e.g., one asks for an upper bound on the waiting times 
between requests and responses in case of the formula G{q —>■ F< 2 ;p). Recently, 
more general boundedness problems in logics and automata received a lot of 
attention to obtain decidable quantitative extensions of monadic second-order 
logic and better synthesis algorithms. In general, boundedness problems are un- 
decidable for automata with counters, but become decidable if the acceptance 
conditions can refer to boundedness properties of the counters, but the transi¬ 
tion relation has no access to counter values. Recent advances include logics and 
automata with bounds |4I7) . satisfiability algorithms for these logics |5i6i8i:r2| . 
and regular cost-functions m However, these formalisms, while very expres¬ 
sive, are intractable and thus not suitable for verification and synthesis. Thus, 
less expressive formalisms were studied that appear more suitable for practical 
applications, e.g., flnitary parity parity with costs EH, energy-parity 
mean-payoff-parity [16], consumption games [12], and the use of weighted au¬ 
tomata for specifying quantitative properties mM- In particular, the parity 
condition with cost is defined in graphs whose edges are weighted by natural 
numbers (interpreted as costs) and requires the existence of a bound b such that 
almost every occurrence of an odd color is followed by an occurrence of a larger 
even color such that the cost between these positions is at most b. Although 
strictly stronger than the classical parity condition, solving parity games with 
costs is as hard as solving parity games EXES]. 

We investigate parameterized temporal logics in a weighted setting similar 
to the one of parity conditions with costs: our graphs are equipped with cost- 
functions that label the edges with natural numbers and parameterized operators 
are now evaluated with respect to cost instead of time, i.e., the parameters bound 
the accumulated cost instead of the elapsed time. Thus, the formula G(q — 
F<a:p) requires that every request q is answered with cost at most a{x). We 
show the following results about PLTL with costs (cPLTL): 

First, we refine the alternating-color technique to the cost-setting, which 
requires to tackle some technical problems induced by the fact that accumulated 
cost, unlike time, does not increase in every step, e.g., if an edge with cost zero 
is traversed. In particular, infinite paths with finite cost have to be taken care 
of appropriately. 

Second, we show that Kupferman et al.’s proofs based on the alternating- 
color technique can be adapted to the cost-setting as well. For model checking, 
we again obtain PSPACE-completeness while solving games is still 2 ExpTime- 
complete. 








Third, we consider PLDL with costs (cPLDL), which is defined as expected: 
the diamond and the box operator may be equipped with parameters bounding 
their scope. Again, the complexity does not increase: model checking is PSpace- 
complete while solving games is 2ExpTiME-complete. 

Fourth, we generalize both logics to a setting with multiple cost-functions. 
Now, the parameterized temporal operators have another parameter that deter¬ 
mines the cost-function under which they are evaluated. Even these extensions 
do not increase complexity: model checking is again PS PACE-complete while 
solving games is still 2ExpTiME-complete. 

Fifth, we also study the optimization variant of the model checking and the 
game problem for these logics: here, one is interested in finding the optimal 
variable valuation for which a given transition system satisfies the specification. 
For example, for the request-response condition one is interested in minimizing 
the waiting times between requests and responses. For cPLTL and cPLDL, we 
show that the model checking optimization problem can be solved in polynomial 
space while the optimization problem for infinite games can be solved in triply- 
exponential time. These results are similar to the ones obtained for PLTL [ll38j . 
In particular, the exponential gap between the decision and the optimization 
variant of solving infinite games exists already for PLTL. Whether this gap can 
be closed is an open problem. A first step towards this direction was made by 
giving an approximation algorithm for this problem with doubly-exponential 
running time m- 

The paper is structured as follows: in Section [21 we introduce cPLTL and 
discuss basic properties. Then, in Section [31 we extend the alternating-color 
technique to the setting with costs, which we apply in Section [4] to the model 
checking problem and in Section|S]to solve infinite games. In SectionjBl we extend 
these results to cPLDL and to multiple cost-functions. Finally, in Section [51 we 
investigate model checking and game-solving as optimization problems. 

2 Parametric LTL with Costs 

Let V be an infinite set of variables and let P be a set of atomic propositions. 
The formulas of cPLTL are given by the grammar 

ip -.-—p \ ^p \ ip A ip \ ip\/ ip \ X(^ I p\]p I p'Rp I F I G<zP, 

where p e P and z G V. We use the derived operators tt :=pV-'p and ff :=pA^p 
for some fixed p G P, Fp := ttUp, and Gp := f f Rp. Furthermore, we use p —>■ p 
and -ip —>■ p as shorthand for —>p V p and pV p, respectively. Additional derived 
operators are introduced on page ID 

The set of subformulas of a cPLTL formula p is denoted by cl(p) and we 
define the size of p to be the cardinality of cl(p). Furthermore, we define 

varF(p) = {z €V \ F ^z'ijj G cl(p)} 
to be the set of variables parameterizing eventually operators in p, 




to be the set of variables parameterizing always operators in Lp. Furthermore, 
var((/3) = varF((/j) U varG((/3) denotes the set of all variables appearing in 
cPLTL is evaluated on so-called cost-traces (traces for short) of the form 

w = W 0 C 0 W 1 C 1 W 2 C 2 ■ ■ ■ G ( 2 ^ • N)“ , 

which encode the evolution of the system in terms of the atomic propositions 
that hold true in each time instance, and the cost of changing the system state. 
The cost of the trace w is defined as cst(w) = Sj>o ’ which might be infinite. 
A finite cost-trace is required to begin and end with an element of 2^. The 
cost cst(u;) of a finite cost-trace w = woCqWiCi ■ ■ ■ Cn-iWn is defined as cst(r(;) = 

^j=o h- 

Furthermore, we require the existence of a distinguished atomic proposition k 
such that all cost-traces satisfy Cj > 0 if and only if k G Wj+i, i.e., k indicates 
that the last step had non-zero cost. We use the proposition n to reason about 
costs: for example, we are able to express whether a trace has cost zero and 
whether a trace has cost 00 . In the following, we will ensure that all our systems 
only allow traces that satisfy this assumption. 

Also, to evaluate formulas we need to instantiate the variables parameterizing 
the temporal operators. To this end, we define a variable valuation to be a 
mapping a: V ^ N. Now, we can define the model relation between a cost- 
trace w = WQCQW 1 C 1 W 2 C 2 • • •, a position n of w, a variable valuation a, and 
a cPLTL formula as follows: 

— {w, n,a) \= p if and only if p G Wn, 

— {w, n, a) ^ -ip if and only if p ^ Wn, 

— {w, n,a) 1= p A '0 if and only if {w, n,a) \= p and {w, n, a) |= tp, 

— (w, n,a) \= (fV Ip if and only if {w, n,a) \= p or (w, n, a) \= ip, 

— {w, n, a) ^ Xp if and only if {w, n -|- 1, a) \= (p, 

— {w, n, a) ^ (p\Jip if and only if there exists a _) > 0 such that {w, n+j, a) \= ip 
and (w, n + k,a) \= p> for every k in the range 0 < k < j, 

— {w, n, a) \= ipRip if and only if for every j > 0: either [w, n + j,a) \= ip or 
there exists a fc in the range 0 < k < j such that {w, n + k,a) \= p, 

— {w, n, a) \= r< 2 p if and only if there exists a j > 0 with 
cst{wnCn ■'' Cn+j-iWn+j) < a{z) such that {w, n + j, a) 1= Lp, and 

— (w, n, a) 1= G<czP if and only if for every j > 0 with 
cst(w„c„ • • • Cn+j-iWn+j) < a{z): {w, n + j, a) ^ p. 

Note that we recover the semantics of PLTL as the special case where every c„ 
is equal to one. 

For the sake of brevity, we write {w, a) \= ip instead of {w, 0, a) |= (p and say 
that ra is a model of p with respect to a. For variable-free formulas, we even 
drop the a and write w \= ip. 

As usual for parameterized temporal logics, the use of variables has to be 
restricted: bounding eventually and always operators by the same variable leads 
to an undecidable satisfiability problem [T]. 


Definition 1. A cPLTL formula ip is well-formed, if vBXYif) H varG((/?) = 0. 

In the following, we only consider well-formed formulas and omit the quali¬ 
fier “well-formed”. Also, we will denote variables in varF(</5) by x and variables 
in varG(</?) by y, if the formula ip is clear from context. 

We consider the following fragments of cPLTL. Let ip he a, cPLTL formula: 

— is an LTL formula, if var((p) = 0. 

— 93 is a cPLTLp formula, if varG(‘/3) = 0- 

— is a cPLTLg formula, if varF(v3) = 0- 

Every LTL, cPLTLf, and every cPLTLg formula is well-formed by definition. 


Example 1. 


1. The formula G{q —>■ ¥<xP) is satisfied with respect to a, if every request (a 
position where q holds) is followed by a response (a position where p holds) 
such that the cost of the infix between the request and the response is at 
most a{x). 

2. The (max-) parity condition with costs m can be expressetfl in cPLTL via 


FG /\ 


'ce{l,3,...,d-l} 


F<,V, 


c'e{c+l,c+3,...,(i} 


where d is the maximal color, which we assume w.l.o.g. to be even. However, 
the Streett condition with costs [21] cannot be expressed in cPLTL, as it is 
defined with respect to multiple cost functions, one for each Streett pair. We 
extend cPLTL to multiple cost functions in Section [T] 


As for PLTL, one can also parameterize the until and the release operator 
and also consider bounds of the form “> z”. However, this does not increase 
expressiveness of the logic. Formally, we define 

— (w, n, a) ^ ip\J<z'<P if and only if there exists a j > 0 with 

cst(wnCn ■ • ■ Cn+j-iWn+j) < a{z) such that {w,n-\-j,a) \= Ip and {w,n-\- 
k,a) \= ip for every k in the range h < k < j, 

— {w, n, a) ^ (p'R<zip if and only if for every j > 0 with 

cst{wnCn ' ’ ' c„+_,_i) < a(z): (w, n-\- j,Q.) \= Ip or there exists a fc in the 
range 0 < k < j such that (w, n k,a) \= ip, 

— (w, n, a) ^ F^„:ip if and only if there exists a j > 0 with 
cst{wnCn ' ’' c„+j_ i Wn+j ) > a(z) such that (w, n j, a) ^ ip, and 

— (w, n, a) )= GyzP if and only if for every j > 0 with 
cst{wnCn ' ’ ' Cn+j-iWn+j) > a(z) Satisfies (w, n j, a) |= (p. 

^ Note that the bound in the parity condition with costs may depend on the trace while 
one typically uses global bounds for cPLTL (see, e.g.. Section [4] and Section O. 
However, for games in finite arenas (and thus also for model checking) these two 
variants coincide m- 



— {w, n, a) ^ (p\Jy.zip if and only if there exists a j > 0 with 

cst{wnCn ■ ■ ■ Cn+j-iWn+j) > o:(z) such that {w,n+j,a) \= ip and {w,n + 
k,a) 1= for every k in the range 0 < k < j, and 

— {w, n, a) ^ (p'R^z'fp if only if for every j > 0 with 

cst(w„c„ • • • Cn+j-iWn+j) > a{z): {w, n + j,a) \= ip or there exists a k in the 
range 0 < k < j such that {w, n + k,a) \= '•p. 

Let <p = Ip denote equivalence of the formulas p and ip, i.e., for every w, every n, 
and every a, we have {w, n,a) \= p if and only if {w, n, a) \= ip. Then, we have 
the following equivalences (which also restrict the use of variables as defined in 
Definition [1} : 

- iplJ<xip = pUip AF<xip - G>x'P = F<a,GX(-iK V Gi^) 

— ifllKylp = ipRlp V G<y1p — ifXJyylp = G <y (if A FX(k A 

— F>y(/j = G<yFX(K A F(/j) — = F<a;((^VGX(-i/cV(^R'^)) 

Note that we defined cPLTL formulas to be in negation normal form. Nev¬ 
ertheless, a negation can be pushed to the atomic propositions using the duality 
of the operators. Thus, we can define the negation of a cPLTL formula. 


Lemma 1. For every cPLTL formula p there exists an efficiently constructible 
cPLTL formula -<ip s.t. 

1. {w,n,a) \= If if and only if (w,n,a) ^ for every w, every n, and every 
a, 

2. |-.(^| = \p\. 

3. If p is well-formed, then so is -^p. 

4- If p is an LTL formula, then so is -^p. 

5. If p is a cPLTL-p formula, then -^p is a cPLTLq, formula and viee versa. 


Proof. We construct —>p by induction over the construction of p using the dual¬ 
ities of the operators: 


(p) = 

{pAiP) = {-^p) V {-^ip) 
{pJJip) = -ipH-iip 

{F<xp) = G<x^p 


(-.p) = p 

{py ip) = (-.p) A {-^ip) 
{pFlip) = -^pG^ip 
{G<yp) = F<y^P 


The latter four claims of Lemma [T] follow from the definition of ^p while the 
first one can be shown by a straightforward induction over p’s construction. □ 


Another important property of parameterized logics is monotonicity: increas¬ 
ing (decreasing) the values for parameterized eventuality operators (parameter¬ 
ized always operators) preserves satisfaction. 


Lemma 2. Let p be a ePLTL formula and let a and jS he variable valuations 
satisfying a{x) < I3{x) for every x € varpip) and a{y) > pPpy) for every y S 
varG(p). If {w, a) \= p, then (w,/!) ^ p. 


Especially, if we are interested in checking whether a formula is satisfied with 
respect to some a, we can always recursively replace every subformula G<y^ 
by '0 V X(-i«:U(-'K A ip)), as this is equivalent to G<yip with respect to every 
variable valuation mapping y to zero, which is the smallest possible value for y. 
Note that we have to ignore the current truth value of k, as it indicates the cost 
of the last transition, not the cost of the next one. 

3 The Alternating-Color Technique for Costs 

Fix a fresh atomic proposition p ^ P. We say that a cost-trace 



is a coloring of a cost trace 

w = W 0 C 0 W 1 C 1 W 2 C 2 • • • G (2^ ■ , 


if w!^ r\ P = Wn and c'„ = Cn for every n, i.e., w' and w only differ in the truth 
values of the new proposition p. A position n is a changepoint of w', if n = 0 or if 
the truth value of p in w'^_i and w'^ differs. A block of w' is an infix - 
of w' such that n and n + j + 1 are successive changepoints. If a coloring has 
only finitely many changepoints, then we refer to its suffix starting at the last 
changepoint as its tail, i.e., the coloring is the concatenation of a finite number 
of blocks and its tail. 

Let fc G N. We say that w' is fc-bounded if every block and its tail (if it has 
one) has cost at most k. Dually, we say that w' is /c-spaced, if every block has 
cost at least k. Note that we do not have a requirement on the cost of the tail 
in this case. 

Given a cPLTLp formula p, let rel(i^) denote the LTL formula obtained from 
if by recursively replacing every subformula F^^ip by 

(p —>■ pU(-ipUrel(0))) A (-ip —-'pU(pUrel('0))). 

Intuitively, the relativized formula requires rel('0) to be satisfied within at most 
one changepoint. On bounded and spaced colorings, p and rel((p) are “equiva¬ 


lent”. 


Lemma 3 (cp. Lemma 2.1 of [23]). Let w be a cost-trace and let p be a 
cPLTL-p formula. 

1. Let {w,a) 1= (fi for some variable valuation a. Then, w' ^ rel(<p) for every 
{k l)-spaced coloring w' of w, where k = max2,gvar(i^) aix). 

2. Let w' \= rel(ip) for some k-bounded coloring w' of w. Then, {w, a) \= p, 
where a{x) = 2k for every x. 


Proof. Note that w and its colorings coincide on their cost. Hence, when speaking 
about the cost of an infix or suffix, we do not have to specify whether we refer 
to ui or to a coloring of w. 

HI) Fix a (fc + l)-spaced coloring w' of w, where k = niax,j,gvar(i^) Qf(a;). We 
show that (w, n,a) \= '.p implies {w', n) \= rel((^) by induction over the construc¬ 
tion of (p. 

The only non-trivial case is the one of a parameterized eventuality: thus, 
assume (w, n, a) ^ i.e., there is a j with cst(w„c„ • • • Cn+j-iWn+j) < a{x) 

and {w,n + j,a) ^ ip. By induction hypothesis, we have {w',n + j) [= rel('0). 
As w' is (fc -I- l)-spaced, i.e., the cost of each block is at least A: -I- 1, there is at 
most one changepoint between (and including) the positions n and n -I- j — 1 in 
w'. Hence, {w',n) ^ pU(-ipUrel(i/'))), ifp G w!^, and {w',n) ^ -'pU(pUrel(^/>))) 
otherwise. Thus, {w',n) |= rel(F<a;i/;). 

H) Dually, fix a fc-bounded coloring w' of w and define the variable valu¬ 
ation a with a{x) = 2k for every x. We show that {w',n) |= rel(:^) implies 
(ic, n,a) \= p by induction over the construction of p. 

Again, the only non-trivial case is the one of a parameterized eventuality: 
thus, let {w',n) |= rel(F<2;■!/;). We assume {w',n) |= p (the other case is dual). 
Then, we have {w',n) \= pU(-'pUrel(^)), i.e., rel('(/') is satisfied at some posi¬ 
tion n+j such that there is at most one changepoint between (and including) the 
positions n and n-|-j — 1 in w'. As ui' is fc-bounded, this implies that the cost of 
the infix ■ • • Wn+j is bounded by 2k. Furthermore, applying the induction 
hypothesis yields (w, n + j, a) \= ip. Hence, {w, n, a) ^ □ 

4 Model Checking 

A transition system S = (S', sj, E, i, cst) consists of a finite directed graph (S, E), 
an initial state s/ G S, a labeling function i: S —)• 2^, and a cost function 
cst: E ^ N. We encode the weights in binary, although the algorithms we present 
in this section and their running times and space requirements are oblivious to 
the exact weights. Furthermore, we assume that every state has at least one 
successor to spare us from dealing with finite paths. Recall our requirement 
on cost-traces having a distinguished atomic property k indicating the sign of 
the cost of the previous transition. Thus, we require S to satisfy the following 
property: if «; G £{v'), then cst(r!,r!') > 0 for every edge {v,v') G E leading to v'. 
Dually, if K ^ then cst(u, v') = 0 for every edge {v, v') G E. 

A path through 5 is a sequence tt = sqSiS 2 ■ ■ ■ with sq = s/ and («„, s„+i) G 
E for every n. Its cost-trace tr(7r) is defined as 

tr(7r) = £(so)cst(so,si)^(si)cst(si, S 2 )^(s 2 )cst(s 2 , S 3 ) • • • , 

which satisfies our assumption on the proposition k. 

The transition system S satisfies a cPLTL formula p with respect to a variable 
valuation a, if the trace of every path through S satisfies p with respect to a. 
The cPLTL model checking problem asks, given a transition system S and a 
cPLTL formula p, whether S satisfies p with respect to some a. 


Theorem 1. The cPLTL model checking problem is PSPACE-complete. 

The proof we give below is a generalization of the one for PROMPT~LTL 
by Kupferman et al. m- We begin by showing PSPACE-membership. First note 
that we can restrict ourselves to cPLTLf formulas: given a cPLTL formula (p, let 
If' denote the formula obtained by recursively replacing every subformula G^yip 
hy tjj V X(-iKU(-'ft: A tp)). Due to Lemma ITT] and the discussion below it, every 
transition system S satisfies p with respect to some a if and only if S satisfies 
if' with respect to some a'. 

Next, we show how to apply the alternating-color: recall that the classical 
algorithm for LTL model checking searches for a fair path, i.e., one that visits 
infinitely many accepting states, in the product of S with a Biichi automaton 
recognizing the models of the negated specification. If such a path exists, then S 
does not satisfy the specification, as the fair path contains a path tt through S 
and an accepting run of the automaton on its trace, i.e., the trace does not satisfy 
the specification. If there is no such fair path, then S satisfies the specification. 

For cPLTL we have to find such a path for every a in order to show that 
<S does not satisfy the specification with respect to any a. To this end, one 
relativizes the cPLTLf specification as described in Section [3] and builds an 
automaton for the negation of the relativized formula in conjunction with a 
formula that ensures that every ultimately periodic model is both A:-bounded 
and fc'-spaced for some appropriate k and k'. Then, we search for a pumpable 
fair path in the product of the system and the Biichi automaton recognizing the 
models of the negated specification, which is non-deterministically labeled by p. 
Applying Lemma [3] and pumping a fair path through the product appropriately 
yields a counterexample for every a. Thus, model checking is reduced to finding 
a pumpable fair path. Let us stress again that this algorithm is similar to the one 
for PROMPT~LTL, we just have to pay attention to some intricacies stemming 
from the fact that we want to bound the cost, not the waiting time: there might 
be paths with finite cost, which have to be dealt with appropriately. 

Recall that p is the distinguished atomic proposition used to relativize cPLTL 
formulas. A colored Biichi graph with costs (F, u/, £1, cst, F) consists of a finite 
direct graph (F, F), an initial vertex u/, a labeling function £: F —>■ 2^^^^ a cost- 
function cst: F —>• N, and a set F C F of accepting vertices. A path uoUiU2 • • • 
is pumpable, if each of its blocks induced by p contains a vertex repetition such 
that the cycle formed by the repetition has non-zero coslU. Note that we do not 
have a requirement on the cost of the tail, if the path has one. The path is fair, 
if it visits F infinitely often. The pumpable non-emptiness problem asks, given 
a colored Biichi graph with costs, whether it has an initial pumpable fair path. 

Lemma 4. // a colored Biichi graph with costs has an initial pumpable fair path, 
then also one of the form ttott^ with IttottiI € 0{n^), where n is the number of 
vertices of the graph. 

^ Note that our definition is more involved than the one of Kupferman et ah, since we 
require a cycle with non-zero cost instead of any circle. 



Proof. Let tt be an arbitrary initial pumpable fair path. First, assume it has 
only finitely many changepoints. If there are two blocks that start with the same 
vertex, then we can remove all blocks in between and obtain another initial 
pumpable fair path. Thus, we can assume that tt has at most n blocks. Fur¬ 
thermore, the length of each block can be bounded by 0{n) by removing cycles 
while retaining the state repetition with non-zero cost and at least one accepting 
vertex (provided the block has one). Now, consider the tail: by removing infixes 
one can find a cycle of length at most n containing an accepting vertex and a 
path of length at most n leading from the last changepoint to a vertex on the 
cycle. Hence, we define ttq to be the prefix containing all blocks and the path 
leading to the cycle and define tti to be the cycle. Then, we have IttottiI G 0{vf) 
and 'KQ'irf is an initial pumpable fair path. 

On the other hand, if tt contains infinitely many changepoints, then we can 
remove blocks and shorten other blocks as described above until we have con¬ 
structed a prefix ttotti such that has the desired properties. In this case, 
we can assume that the first position of tti is a changepoint by “rotating” tti 
appropriately and appending a suitable prefix of it to ttq. □ 

Let S = {S,si,E,i,cst) be a transition system and let be a cPLTLf 
formula. Furthermore, consider the LTL formula 

X = (GFp A GF^p) o GFk, 

which is satisfied by a cost-trace, if the trace has infinitely many changepoints if 
and only i§ it has cost oo. Now, let 21 = (Q, S, F) be a nondetermin- 

istic Biichi automaton recognizing the models of the LTL formula -irel(i^) A Xi 
which we can pick such that its number of states is bounded exponentially in 
\'p\. Now, define the colored Biichi graph with costs 

<Sx2l=(5'xQx 2<P>,(s/,g/,0),£;',£',cst',F') 
where 

— ((s, q, C), {s', q', C')) G E' if and only if (s, s') G E and q' G S{q, £(s) U C), 

- £(s,q,C) = C, 

— cst'((s, q, C), (s', q', C')) = cst(s, s'), and 

- F' = S X F X 2{P>. 


Lemma 5. [cp. Lemma 4.2 of \2S£^ I S does not satisfy p with respect to any a 
if and only */ <S X 21 has an initial pumpable fair path. 

Proof. Let S not satisfy p with respect to any variable valuation. Fix k = 
(151 • IQI -I- 3) ■ W, where W is the largest cost in S, and define the valuation a 
by a(x) = 2fc for every x. As S does not satisfy p with respect to a, there is a 
path TT through S with (tr(7r), a) ^ p. Thus, due to Lemma 1501 every fc-bounded 
coloring of w does not satisfy rel((/?). 

® Here, we use our assumption on k indicating the sign of the costs. 



Now, let w' be a ^-bounded and (fc —VF)-spaced coloring of tr(7r) which starts 
with p not holding true. Such a coloring can always be constructed, as W is the 
largest cost appearing in S. Note that w' satisfies x by construction. Thus, we 
have w' ^ -irel((/?) A Xj be., there is an accepting run (709192 • ■ • of 21 on w'. 
Consider the path 

(so,90,1i'o n {p}){si,qi,w[ n {p})(s2, 92,^2 C {p}) • • • 

where S 0 S 1 S 2 • • • = tt, which is fair by construction. We claim that it is pumpable: 
consider a block, which is {k — W)-spaced. Thus, it contains at least [S'! ■ \Q\ + 2 
many edges with non-zero cost, enough to enforce a vertex repetition with non¬ 
zero cost in between. To this end, one takes the sets Vj of vertices visited between 
the j-th and the (j -I- l)-th edge with non-zero cost (including the j-th edge). 
This yields [S'] • |Q| + 1 non-empty sets of vertices of 5 x 21 that coincide in their 
third component, as we are within one block. However, there are only [S'! ■ |Q| 
many such vertices, which yields the desired repetition. 

Now, consider the converse implication and let a' be an arbitrary variable val¬ 
uation. We show that S does not satisfy (p with respect to a'. Due to Lemma fTTl 
it is sufficient to show that S does not satisfy p with respect to the valuation a 
mapping every variable to fc = min 3 ,gvar(i^) Oi'ix). 

Fix an initial pumpable fair path of 5 x 21. It has a vertex repetition in every 
block such that the induced cycle has non-zero cost. We pump each such cycle 
fc -|- 1 times to obtain the path 

(soj 9 o, C'o)(si, 9 i, C'i)(s2,92, C'2) • • • . 

By construction, tt = S 0 S 1 S 2 • • • is a path through S and 

w' = (£(so) u Co)(£(si) U Ci)(£(s2) U C2) • ■ • 

is a coloring of its trace tr(7r). Also, 909192 • ■ • is an accepting run of 21 on w', i.e., 
w' ^ -ire^p) Ax- Lastly, w' is (fc-1-1)-spaced by construction, as the cost-function 
of 5 X 21 is induced by the one of S. 

Assume towards a contradiction that S satisfies p with respect to a, which 
implies (tr(7r),(a) \= (p. Applying Lemma [5TT] yields that every (fc -|- l)-spaced 
coloring of tr(7r) satisfies rel(p). However, w' is a (fc -I- l)-spaced coloring which 
satisfies -'rel(<p), i.e., we have derived the desired contradiction. □ 

Now, we are ready to prove Theorem [T] 

Proof. PSPACE-hardness holds already for LTL model checking [30], which is a 
special case of cPLTL model checking. Membership is witnessed by the following 
algorithm: check whether the colored Biichi graph 5 x 21 has an initial pumpable 
fair path, which is correct due to Lemma [SJ But as the graph is of exponential 
size, it has to be constructed and tested for non-emptiness on-the-fly. 

Due to LemmalU it suffices to check for the existence of an ultimately periodic 
path 7ro7r“ such that IttottiI < n € 0(|5 x 2tp), i.e., n is exponential in the size 
of p and quadratic in the size of S. To this end, one guesses a vertex v (the first 
vertex of tti) and checks the following reachability properties: 


1. Is t) reachable from vi via a path where each block contains a cycle with 
non-zero cost? 

2. Is w reachable from v via a non-empty path that visits an accepting vertex 
and which either has no changepoint or where each block contains a cycle 
with non-zero cost? In this case, we also require that v and the last vertex 
on the path from vi to v guessed in item[T]) differ on their third component 
in order to make v a changepoint. This spares us from having a block that 
spans ttq and tti. 

All these reachability problems can be solved in non-deterministic polynomial 
space, as a successor of a vertex of <Sx2l can be guessed and verified in polymonial 
time and the length of the paths to be guessed is bounded by n, which can be 
represented with polynomially many bits. □ 

Furthermore, by applying both directions of the proof of Lemma[Sl we obtain 
an exponential upper bound on the values of a satisfying variable valuation, if 
one exists. This is asymptotically tight, as one can already show exponential 
lower bounds for PROMPT-LTL [23]. 

Corollary 1. Fix a transition system S and a cPLTL-formula ip such that S 
satisfies ip with respect to some a. Then, S satisfies ip with respect to a valuation 
that is bounded exponentially in the size of ip and linearly in the number of states 
of S and in the maximal cost in S. 

Dually, one can show the existence of an exponential variable valuation that 
witnesses whether a given cPLTLq specification is satisfied with respect to every 
variable valuation. The following lemma states the contrapositive of this state¬ 
ment, which we prove using pumping arguments that are similar to the ones for 
the analogous results for PLTLg and PLDLg [20] . 

Lemma 6. Fix a transition system S and a cPLTLc,-formula ip such that S does 
not satisfy ip with respect to every a. Then, S does not satisfy ip with respect 
to a valuation that is bounded exponentially in the size of ip and linearly in the 
number of states of S and in the maximal cost in S. 

Proof. Let 21 be a Biichi automaton recognizing the models of rel(-'(/3) Ay, which 
is of exponential size in \ip\. Define fc* = (4 ■ |2l| • l^l -I- 2) • W, where W is the 
largest cost in S, and let a* be the variable valuation mapping every variable to 
k*. We consider the contrapositive and show: if there is an a such that S does 
not satisfy ip with respect to a, then S does not satisfy ip with respect to a*. 

Thus, assume there is an a and a path tt such that (tr(7r),a) ^ -^ip. Due to 
upwards-monotonicity we can assume w.l.o.g. that a maps all variables to the 
same value, call it k. 

Let tr(7r)' be a (fc* -I- IF -I- I)-bounded and (fc* -I- I)-spaced p-coloring of tr(7r) 
that starts with p not holding true in the first position, which can always be 
constructed as IF is the largest cost. Applying Lemma I3I1I shows that tr(7r)' 
satisfies rel(-'(/3). Furthermore, it satisfies y by construction. Fix some accepting 
run of 21 on tr(7r)' and consider an arbitrary block of tr(7r)': if the run does not 


visit an accepting state during the block, we can remove (if necessary) infixes of 
the block where the run reaches the same state before and after the infix and 
where the state of S at the beginning and the end of the infix are the same, until 
the block has length at most |2l| • jiSI and thus cost at most |2l| • jiSI • W. 

On the other hand, assume the run visits at least one accepting state during 
the block. Fix one such position. Then, we can remove infixes as above between 
the beginning of the block and the position before the accepting state is visited 
and between the position after the accepting state is reached and before the end 
of the block. What remains is a block whose length is at most 2 • |2l| • |iS| +1, at 
it has most |2l| • l^l many positions before the designated position, this position 
itself, and at most |2l| • jiSI many after the designated position. Hence, the block 
has cost at most (2 • |2l| • |vS| + 1) • W. 

Thus, we have constructed a (2 • |2l| • |<S| + 1) • VF-bounded p-coloring tr(d-)' 
of a trace tr(7r) for some path tt of S, as well as an accepting run of 21 on tr(7r)'. 
Hence, tr(7r)' is a model of re^-K^) and applying Lemma [3121 shows that tr(7r) 
is a model of —>ip with respect to the variable valuation mapping every variable 
to 2 • (2 • |2l| • |5| + 1) ■ IT = fc*. Therefore, S does not satisfy ip with respect to 
a*. □ 

5 Infinite Games 

An arena A = (H, Vq, Vi, w/, A, £, cst) consists of a finite directed graph {V,E), 
a partition (Vq, Ti) of V, an initial vertex vj £ V, a labeling i: V ^ 2^, and a 
cost function cst: A —^ N. Again, we encode the weights in binary, although the 
algorithms we present here and their running times and space requirements are 
oblivious to the exact weights. Also, we again assume that every vertex has at 
least one successor to avoid dealing with finite paths. Also, we again ensure our 
requirement on the proposition k to indicate the sign of the costs in a cost-trace: 
if K € £{v'), then we require cst{v,v') > 0 for every edge {v,v') £ E leading to 
v'. Dually, it k ^ then cst(u, v') = 0 for every edge (u, v') £ E. 

A play p = P 0 P 1 P 2 • • • is a path through A starting in vj and its cost- 
trace tr(/9) is defined as 

tr(p) = e{po) cst(po, pi) £{pi) cst(pi, P 2 ) £i.P 2 ) cst(p 2 , Pa) • • • • 

A strategy for Player i e {0,1} is a mapping a: V*Vi ^ V with {v, a{wv)) £ 
E for every w £ V* and v £ Vi. A play p is consistent with a if Pn-i-i = 
o'ipo ■ ■ ■ Pn) for every n with pn £ Vi. 

A cPLTL game G = (A, p) consists of an arena A and a winning condition p, 
which is a cPLTL formula. A strategy a for Player 0 is winning with respect to 
some variable valuation a, if the trace of every play that is consistent with tr 
satisfies the winning condition p with respect to a. 

We are interested in determining whether Player 0 has a winning strategy 
for a given cPLTL game, and in determining a winning strategy for her if this 
is the case, which we refer to as solving the game. 


Theorem 2. Determining whether Player 0 has a winning strategy in a given 
cPLTL game is 2 ExpTime- complete. Furthermore, a winning strategy (if one 
exists) can be computed in doubly-exponential time. 

Our proof technique is a generalization of the one for infinite games with 
PLTL winning conditions |38| . which in turn extended Kupferman et al.’s so¬ 
lution for the PROMPT-LTL realizability problem m- First, we note that it 
is again sufficient to consider cPLTLf formulas, as we are interested in the ex¬ 
istence of a variable valuation (see the discussion below Lemma ED. Next, we 
apply the alternating-color technique: to this end, we modify the arena to al¬ 
low Player 0 to produce colorings of plays of the original arena and use the 
relativized winning condition, i.e., we reduce the problem to a game with LTL 
winning condition. The winner (and a winning strategy) of such a game can be 
computed in doubly-exponential time |27I28) . 

To allow for the coloring, we double the vertices of the arena, additionally 
label one copy with p and the other not, and split every move into two: first, the 
player whose turn it is picks an outgoing edge, then Player 0 decides in which 
copy she wants to visit the target, thereby picking the truth value of p. 

Formally, given an arena A = {V,Vo,Vi,vi,E,i,cst), the extended arena 
A' = {V, Vq, V(, v'j, E', P, cst') consists of 

- V' = v X {0, i}uf;, 

- Vf = Fo X {0, 1}UE and V{ = Fi x {0,1}, 

- v) = (u/,0), 

- E' = {((u, 0), e), {{v, 1), e), (e, (F, 0)), (e, (F, 1)) | e = {v, F) G E}, 

- £'{e) = 0 for every e G E and P{v, ^) = i ^ and 

I ^(u) u Ip} if 6 = 1, 

- cst'((u, b), (v, v')) = cst(u, v') and cst'((u, v'), {v', b')) = 0. 

A path through the new arena A' has the form (poi ^o)eo(pi, ^i)ei(/ 02 ) ^ 2 ) ■ ■ • 
for some path P 0 P 1 P 2 • ■ ■ through A, where Cn = (p„,p„+i) and G {0,1}. 
Also, we have |A'| G 0{\A\'^). Note that we use the costs in A' only to argue 
the correctness of our construction, not to define the winning condition for the 
game in A'. 

Also, note that the additional choice vertices of the form e G E have to 
be ignored when it comes to evaluating the winning condition on the trace of 
a play. Thus, we consider games with LTL winning conditions under so-called 
blinking semantics: Player 0 wins a play p = P 0 P 1 P 2 • ■ ■ under blinking seman¬ 
tics, if £{po)£{p 2 )£{p 4 ) ■ ■ ■ satisfies the winning condition tp; otherwise. Player 1 
wins. Winning strategies under blinking semantics are defined as expected. De¬ 
termining whether Player 0 has a winning strategy for a given game with LTL 
winning condition under blinking semantics is 2ExpTiME-complete, which can 
be shown by a slight variation of the proof for LTL games under classical seman¬ 
tics [271^ . Furthermore, if Player 0 has a winning strategy for such a game, 
then also a finite-state one of at most doubly-exponential size in |(/?|. 

Such a strategy for an arena (F, Vq, Fi, u/, if, f, cst) is given by a memory 
structure M = (M, TO/,upd) with a finite set M of memory states, an initial 






memory state mi € M, and an update function upd : M x V ^ M, and by a 
next-move function nxt: Vq x M ^ V satisfying (v,iixi(v,m)) S E for every 
m and every v. The function upd*: V~^ M is defined via upd*(n) = m/ and 
upd*(r(;n) = upd(upd*(r(;), ?;). Then, the strategy a implemented by A4 and nxt 
is defined by a{wv) = nxt(n, upd*(r(;w)). The size of cr is (slightly abusively) 
defined as \M\. 

Given a game {A, (p) with cPLTLp winning condition p, define A! as above 
and let ip' = rel(</5) A y, where y = (GFp A GF-ip) o GFk. Recall that y is 
satisfied by a cost-trace, if the trace has infinitely many changepoints if and only 
if it has cost oo. 

Lemma 7. [cp. Lemma 3.1 of \23^ J Player 0 has a winning strategy for {A, p) 
with respect to some a if and only if she has a winning strategy for {A', p') under 
blinking semantics. 

Proof. Let tr be a winning strategy for Player 0 in [A, p) with respect to some 
fixed a and define k = max 2 ;gvar(c/ 3 ) C({x). We define a strategy a' for A' as follows: 

^ ((PO) ^o)(P07 Pi) ' * ' {,Pn—l: Pn){Pm ^n)) — {.Pni ^(.PO * ' * Pn)) 

if {pn,bn) S Vq, which implies pn G Vq. Thus, at a non-choice vertex, Player 0 
mimics the behavior of a. At choice vertices, she alternates between the two 
copies of the arena every time the cost has exceeded fc -|- 1: let 

W = {po,bo){PO,Pl) ■ ■ ■ {Pn,bn)iPn,Pn+l) 

be a play prefix ending in a choice vertex and let n' < n he the last changepoint 
in P{po, bo) ■ ■ ■ P{pm bn). Now, we define 

(p„+i, 0) if (cst(p„/ • • • p„) < fc -I- 1 and = 0) or 
(cst(p„/ ■■■ Pn) > k + I and = 1), 

(p„+i, 1) if (cst(p„/ • • • p„) < fc -I- 1 and = 1) or 
(cst(p„' • • • Pn) >k + \ and bn = 0). 

Let p = P 0 P 1 P 2 ■ ■ ■ be a play in A! that is consistent with cr' and let 



p' = P 0 P 2 P 4 ■■■ = {vo,bo){vi,bi){v 2 ,b 2 ) ■■■ . 

By definition of cr', the sequence V 0 V 1 V 2 ■ ■ ■ is a play in A that is consistent with 
cr and thus winning for Player 0 with respect to a, i.e., (tr(z;oWiU 2 •••),«) \= p. 
Also, w' = l'{von bo)P{vi,bi)i'{v 2 ,b 2 ) ■ ■ ■ is a (fc-|- 1)-spaced coloring of the trace 
tr(z;o?;iU 2 • • •). Hence, w' ^ p' due to Lemma I3I1I Finally, w' satisfies y by 
construction. Thus, cr' is a winning strategy for {A!, p') under blinking semantics. 

Now, let cr' be a winning strategy for Player 0 in {A!,p') which we can 
assume (w.l.o.g.) to be implemented by Ai' = (M', m)-, upd') and some next- 
move function nxt' such that \M'\ is doubly-exponential in \p\. We define a 
strategy cr for A by simulating a play in A! that is consistent with cr'. 


To this end, define the memory structure j\4 = (M,mj, upd) for A with 
M = (V X {0,1}) X M', mi = and 

upd(((u, 6), m), = (nxt'(e, to'), upd^(m', nxt'(e, m'))) 

where e = {v,v') and to' = upd'(m, e). Intuitively, the update-function mimics 
two moves in A!', first, the one from {v,b) to e = {v,v') and then the move from 
this choice vertex determined by the strategy a', which is given by nxt'(e,TO'), 
where to' is the updated memory state. 

Let ui be a play prefix of a play in A. The memory state upd*(ui) = ((r>, b), to) 
encodes the following information: the simulated play w' in A! ends in {v,b), 
where v is the last vertex of w, and we have upd'* (re') = to. Hence, it contains 
all information necessary to apply the next-move function nxt' to mimic a'. 
Thus, we define the next-move function nxt: Vq x M —>■ H for Player 0 in ^ by 



v" iiv = v' and nxt'((?;', 6), to) = (u', v"), 

V otherwise, for some v €V with {v,v) G E. 


By definition of Ad, the second case of the definition is never invoked, since 
upd*(?TO;) = {{v\b),m) always satisfies v = v'. 

It remains to show that the strategy a implemented by M and nxt is indeed 
a winning strategy for Player 0 for (A, ip) with respect to some a. To this end, 
let k = (|P| • \M\ -I- 3) • IP and define a{x) = 2k for every x, where IT is the 
largest weight in A. 

Let P 0 P 1 P 2 ■ • ■ be a play in A that is consistent with a. A straightforward 
induction shows that there exist bits 6oj ^ 2 , • ■ ■ such that the play 

{po, bo){po, pi){pi,bi){pi, P 2 ){p 2 , ^ 2 )■•■ 

in A' is consistent with a'. Hence, w" = ('{po,bo)£'{pi,bi)^'{p 2 ,b 2 ) • ■ • satisfies 
(fi'. We show that w" is fc-bounded. This suffices to finish the proof as we can 
apply Lemma [3121 and obtain (tr(p),a) ^ p, as w" is a fc-bounded coloring of 
tr(p). Thus, (T is a winning strategy for Player 0 for {A, if) with respect to a. 

Towards a contradiction assume that w" is not fc-bounded. Then, there exist 
positions i < j such that 

- upd'*((po,&o) ■ • ■ {Pi,h)) = upd'*((po,&o) • ■ • {Pj,bj)), 

- the bits bi,... ,bj are all equal, and 

- cst{pi ■■■ Pj) >0. 

To show this, one defines the sets Vj of vertices visited between the j-th and 
the (j -I- l)-th edge with non-zero cost (including the j-th edge). This yields 
\V\ ■ \M\ + 1 non-empty sets of vertices of {V x {0,1}) x M that coincide on the 
bit stored in their second component. Hence, we have derived the desired vertex 
repetition, as there are only \V\ ■ \M\ such vertices. 

Thus, the play 

P* = {po,bo) ■ ■ ■ {pi-ub^-l)[{Pi:b^) ■ ■ ■ {pj-i,bj-i)iPj-uP3)r, 


obtained by traversing the cycle between {pi,bi) and {pj,bj) infinitely often, is 
consistent with tr', since the memory states reached at the beginning and the 
end of the loop are the same. Remember that the bits do not change between 
i and j. Thus, tr(p*) has only finitely many change points, but infinitely many 
occurrences of k and does therefore not satisfy x under blinking semantics. This 
contradicts the fact that cr' is a winning strategy for (^',rel((/9) A x) under 
blinking semantics. □ 

Now, we are able to prove Theorem [51 

Proof. Hardness follows immediately from the 2ExpTiME-hardness of determin¬ 
ing the winner of an LTL game [27128) . which is a special case. 

Membership in 2ExpTime follows from the reductions described above: first, 
we turn the winning condition into a cPLTLp formula and construct the LTL 
game under blinking semantics obtained from expanding the arena and rela- 
tivizing the winning condition. This game is only polynomially larger than the 
original one and its winner (and a winning strategy) is computable in doubly- 
exponential time. □ 

By applying both directions of the proof of Lemma [71 we obtain a doubly- 
exponential upper bound on the values of a satisfying variable valuation, if one 
exists. This is asymptotically tight, as one can already show doubly-exponential 
lower bounds for PROMPT-LTL [38) . 

Corollary 2. Fix a cPLTL game Q = {A^ p) such that Player 0 has a winning 
strategy for Q with respect to some a. Then, Player 0 has a winning strategy for 
Q with respect to a valuation that is bounded doubly-exponentially in the size of 
if and linearly in the number of vertices of A and in the maximal cost in A. 

6 Parametric LDL with Costs 

Linear Dynamic logic (LDL) [18134) extends LTL by temporal operators guarded 
with regular expressions, e.g., (r) (p holds at position n, if there is a j such that (p 
holds at position n-\-j and the infix between positions n and n-Pj — 1 matches r. 
The resulting logic has the full expressiveness of the w-regular languages while re¬ 
taining many of LTL’s desirable properties like a simple syntax, intuitive seman¬ 
tics, a polynomial space algorithm for model checking, and a doubly-exponential 
time algorithm for solving games. Parametric LDL (PLDL) [Tl] allows to param¬ 
eterize such operators, i.e., {r)^,,, <p holds at position n with respect to a variable 
valuation a, if there is a j < a{x) such that (p holds at position n j and the 
infix between positions n and n -|- j — 1 matches r. Model checking and solving 
games with PLDL specifications is not harder than for LTL, although PLDL is 
more expressive and has parameterized operators. In this section, we consider 
cPLDL where the parameters bound the cost of the infix instead of the length. 

Formally, formulas of cPLDL are given by the grammar 

ip:\=p\^p\pAp\ipy p\{r)p\[r]p\ (r)<,, p \ [r]<^ p 

r:\=(j)\pl\r + r\ r]r\r* 






where p G P, z G V, and where (j) ranges over propositional formulas over P. As 
for cPLTL, cPLDL formulas are evaluated on cost-traces with respect to variable 
valuations. Satisfaction of atomic formulas and of conjunctions and disjunctions 
is defined as usual, and for the four temporal operators, we define 

— {w, n, a) 1= (r) (p if there exists j > 0 such that (u, n + j) G TZ{r, w, a) and 
{w, n + j, a) 1= ip, 

— {w, n, a) ^ [r] p if for all j > 0 with (n, n + j) G Pir, w, a) we have {w, n + 

j, a) h V, 

— {w,n,a) 1 = {r)^^p if there exists j > 0 with cst{wnCn ■ ■ ■ Cn+j-iWn+j) < 
a{z) such that Jn, n + j) G P{r, w, a) and {w, n + j, a) \= p, and 

— {w,n,a) ^ if for all j > 0 with cst{wnCn ■ ■ ■ Cn+j-iWn+j) < oi{z) 

and with (n, n + j) G P{r, w, a) we have (w, n + j, a) \= p. 

Here, the relation 7^(r, w,a) C N x N contains all pairs (m, n) G N x N such that 
Wm • • • Wn-i matches r and is defined inductively by 

— P{(j), w, a) = {(n, n -I- 1) | Wn H 4>\ for propositional p, 

— w, a) = {{n, n) \ {w, n, a) ^ V'}, 

— P{rQ + ri,w, a) = P{ro,w, a) U P{ri,w, a), 

— P{rQ ■ri,w,a) = {(no, n 2 ) | 3ni s.t. (no, ni) G P{rQ,w, a) and 
(ni,n 2 ) G P{ri,w,a)}, and 

— TZ{r*,w,a) = {(n,n) | n G N} U {(no, n^+i) | 3ni,...,nfe s.t. 

(nj, n^+i) G P{r, w, a) for all j < k}. 

Again, we restrict ourselves to well-formed formulas, i.e., those whose set of 
variables parameterizing diamond operators and whose set of variables parame¬ 
terizing box operators are disjoint. 

Using the duality of the operators (r)<^ and [r]^^ (note that r is left un¬ 
changed) , one can prove an analogue of Lemma [T] 

Lemma 8. For every cPLDL formula p there exists an efficiently constructible 
cPLDL formula —>p s.t. 

1. {w, n,a) \= p if and only if (w, n, a) -^p for every w, every n, and every 
a, and 

2. \-^p\ = \p\. 

Note that we do not claim that negation preserves well-formedness and that 
we have not (yet) defined unipolar fragments of cPLDL. This is because the 
former statement is wrong: the negation of the well-formed cPLDL-formula 
[([p]<kP)'^]< 3 ,P which is not well-formed. The issue is that 

negation does not flip the duality of parameterized operators in tests, i.e., for¬ 
mulas of the form in regular expressions, which also requires us to be careful 
when defining the unipolar fragments of cPLDL: let phe &. cPLDL formula. 

— is a cPLDLq formula, if it does not contain a parameterized box operator. 

— (/? is a cPLDLq formula, if it does not contain a parameterized diamond 
operator and if its negation is a cPLDLq formula. 


For cPLTLg formulas, the second conjunct in the second item above is trivial, 
but, as we have seen in the example above, this is no longer true for cPLDLq. 
The second conjunct is necessary to be able to solve problems for cPLDLq by 
dualizing the formula into an cPLDL<j formula. This becomes crucial when we 
consider the optimization problems in Setion [51 the only place where we deal 
with cPLDLq formulas. 

Finally, Lemma [TT] holds for cPLDL, too. 

Lemma 9. Let (p be a cPLDL formula and let a and {3 he variable valuations 
satisfying a(x) < I3{x) for every x G varF((/?) and a{y) > f3{y) for every y G 
varG(</9). If (w, a) \= (p, then {w,l3) ^ (p. 

The alternating-color technique is applicable to PLDL m- to this end, one 
introduces changepoint-bounded variants of the unparameterized diamond op¬ 
erator and of the unparameterized box operator whose semantics only quantify 
over infixes with at most one changepoint. LDL formulas with changepoint- 
bounded operators can be translated into Biichi automata of exponential size. 
As usual, the parameterized box operators can again be disregard due to mono¬ 
tonicity. Thus, given a PLDL .0 formula, one replaces every diamond operator by 
a changepoint-bounded one and can then show that both formulas are equiva¬ 
lent, provided the distance between color-changes is appropriately bounded and 
spaced. This allows to extend the algorithms for model checking and realizability 
based on the alternating-color technique to PLDL. The detailed construction is 

described in Ca¬ 
in the setting with costs investigated here, the approach is similar: one has 
to replace the parameterized diamond operators by changepoint-bounded ones. 
Furthermore, the formula y = (GFp A GF-ip) GFk used in the applications 
of the alternating-color technique in Sections|3]and|S]is replaced by an equivalent 
LDL formula, which is possible as LDL subsumes LTL. The resulting formula is 
again translatable into a Biichi automaton of exponential size. Thus, the con¬ 
structions presented in the previous two sections solving the model checking and 
the game problem are again applicable. 

Theorem 3. The cPLDL model checking problem is PSPACE-complete and solv¬ 
ing infinite games with cPLDL winning conditions is 2PxpTiME-complete. 


7 Multiple Cost Functions 


In this section, we consider parameterized temporal logics with multiple cost- 
functions. For the sake of simplicity, we restrict our attention to cPLTL, although 
all results hold for cPLDL, too. 

Fix some dimension d G N. The syntax of mult-cPLTL is obtained by equip¬ 
ping the parameterized temporal operators by a coordinate i G {1,... ,(i}, de¬ 
noted by F< . 3 , and G<^y. Here, a cost-trace is of the form wq cq wi C1W2C2 • • • 


with Wn & 2^ and Cn G Thus, for every i £ {1,... ,d}, we can define 


n—1 



for every finite cost-trace woCq ■ ■ -Cn-iWn, where {cj)i denotes the i-th entry of 
the vector Cj. Furthermore, we require for every coordinate i a proposition Hi 
such that Ki £ Wn+i if and only if (c„)i > 0. 

The semantics of atomic formulas, boolean connectives, and unparameterized 
temporal operators are unchanged and for the parameterized operators, we define 

— (w, n,a) ^ Fif and only if there exists a j > 0 with 
csti{wnCn '' 'Cn+j-iWn+j) < a{z) such that {w, n + j, a) ^ ip, and 

— {w, n, a) \= if and only if for every j > 0 with 

csti(w„Cn-■-Cn+j-iWn+j) < a{z): {w,n + j,a) |= tp. 

In this setting, we consider the model checking problem for transition systems 
with d cost functions and want to solve games in arenas with d cost functions. 

Example 2. A Streett condition with costs (Qi, [U] can be expressecQ 

in mult-cPLTL via 



Again, we restrict ourselves to formulas where no variable parameterizes 
an eventually- and an always operator, but we allow a variable to parameter¬ 
ize operators with different coordinates. Also, the fragments mult-cPLTLp and 
mult-cPLTLc are defined as for cPLTL, i.e., a formula is a mult-cPLTLp formula 
(a mult-cPLTLc formula), if it does not contain parameterized always operators 
(parameterized eventually operators). 

Lemma [T] can be extended to mult-cPLTL by adding the rules = 

and -^{G<^yip) = E<^y^ip to the proof. 

Lemma 10. For every mult-cPLTL formula ip there exists an efficiently con- 
structible mult-cPLTL formula -<(p s.t. 

1. {w,n,a) \= p if and only if (w,n,a) ^ for every w, every n, and every 


2. \-^p\ = \p\. 


3. If p is well-formed, then so is -<p. 

4- If p is an LTL formula, then so is -<p. 

5. If p is a mult-cPLTL-p formula, then —<p is a mult-cPLTLc, formula and 
vice versa. 

Furthermore, Lemma m holds for mult-cPLTL as well. 

The same disclaimer as for the parity condition with costs applies here, see Foot¬ 


note [T] 



Lemma 11. Let ip he a cPLTL formula and let a and fj he variable valuations 
satisfying a{x) < j5{x) for every x G varF((/?) and a{y) > j3{y) for every y G 
varG((/5)- If iw,a) \= (p, then {w.ft) ^ p. 

The alternating-color technique is straightforwardly extendable to the new 
logic mult-cPLTL: one introduces a fresh proposition pi for each coordinate i 
and defines x = Ati((GFp. A GF-ipi) -H- GF/ti). Furthermore, the notions of 
i-blocks, A:-boundedness in coordinate i, and A:-spacedness in coordinate i are 
defined as expected. Then, the proofs presented in Section |4] and Section [5] can 
be extended to the setting with multiple cost-functions. 

In the model checking case, the third component of the set of states of the 
colored Biichi graph 5 x 2t has the form i.e., it is of exponential size. 

However, this is no problem, as the automaton 21 is already of exponential size. 
Similarly, in the case of infinite games, each vertex of the original arena has 2‘^ 
copies in A', one for each element in allowing Player 0 to produce 

appropriate colorings with the propositions pi. The resulting game has an arena 
of exponential size (in the size of the original arena and of the original win¬ 
ning condition) and an LTL winning condition under blinking semantics. Such a 
game can still be solved in doubly-exponential time. To this end, one turns the 
winning condition into a deterministic parity automaton of doubly-exponential 
size with exponentially many colors, constructs the product of the arena and the 
parity automaton, which yields a parity game of doubly-exponential size with 
exponentially many colors. Such a game can be solved in doubly-exponential 
time [53]. 

Theorem 4. The mult-cPLTL model checking problem is PSPACE-complete and 
solving infinite games with mult-cPLTL winning conditions is 2ExpTime-co77i- 
plete. 

Again, the same results hold for mult-cPLDL, which is defined as expected. 


8 Optimization Problems 

It is natural to treat model checking and solving games with specifications in 
parameterized linear temporal logics as an optimization problem; determine the 
optimal variable valuation such that the system satisfies the specification with 
respect to it. For parameterized eventualities, we are interested in minimizing the 
waiting times while for parameterized always’, we are interested in maximizing 
the waiting times. Due to the undecidability results for not well-defined formulas 
one considers the optimization problems for the unipolar fragments, i.e., for for¬ 
mulas having either no parameterized eventualities or no parameterized always’. 
In this section, we present algorithms for such optimization problems given by 
cPLTL specifications. In the following, we encode the weights of the transition 
system or arena under consideration in unary to obtain our results. Whether 
these results can also be shown for a binary encoding is an open question. 


For model checking, we are interested in the following fonr problems: given 
a transition system S and a cPLTLp formula c^f and a cPLTLg formula 
respectively, determine 

1. min|Q ,|^5 satisfies w.r.t. a} niin^j^YarpCf^F) 

2. min|Q,|^ satisfies (fY w.r.t. a} n^aX^^^YarpCf^F) 

3. max|Q ,|^5 satisfies (pa w.r.t. a} niaXy^^^rc(¥^ 0 ) and 

4. maX|Q,|^ satisfies pG w.r.t. a} ininygYarG(<^G) ^iy)- 

Applying the monotonicity of the parameterized operators and (in the first 
case) the alternating-color technique to all but one variable reduces the four op¬ 
timization problems to ones where the specification has a single variable (cp. [1]). 
Furthermore, the upper bounds presented in Corollary [T] and in Lemma [5] yield 
an exponential search space for an optimal valuation: if this space is empty, then 
there is no a such that S satisfies ipp with respect to a in the first two cases. 
On the other hand, if the search space contains every such a, then S satisfies 
(fc, with respect to every a in the latter two cases. 

Thus, it remains the check whether the specification is satisfied with re¬ 
spect to some valuation that is bounded exponentially. In this setting, one can 
construct an exponentially sized non-deterministic Biichi automaton recogniz¬ 
ing the models of the specification with respect to the given valuation (using 
a slight adaption of the construction presented in [38] accounting for the fact 
that we keep track of cost instead of time). This automaton can be checked for 
non-emptiness in polynomial space using an on-the-fly construction. Thus, an 
optimal a can be found in polynomial space by binary search. 

Theorem 5. The cPLTL model checking optimization problems can be solved 
in polynomial space, if the weights are encoded in unary. 

A similar approach works for infinite games as well. Here, we are interested 
in computing 

1. min|f;^|p[ Q ];^as winning strategy for Qy w.r.t. a} f^ff^xevarp((^ f) 

2. min|Q.|p[ q winning strategy for Qf w.r.t. a} ^^^xCvarp ('Pf) 

3. min|Q,|p[ q winning strategy for Qg w.r.t. a} ffliflxevarG('PG) f^(^)5 and 

4. min|,^|p[ q J^g^g winning strategy for Qg w.r.t. a} ^^^ajevarGl^^G) f^(^)- 

and witnessing winning strategies for given cPLTL games Gf with cPLTLp win¬ 
ning condition ipp and Qg, with cPLTLg winning condition ipG- 

Again, one can reduce these problems to the case of winning conditions with 
a single variable and by applying determinacy of games with respect to a fixed 
valuation, it even suffices to consider the case of cPLTLf winning conditions 
with a single variable, due to duality of games: swapping the players in a game 
with cPLTLg winning condition yields a game with cPLTLp winning condi¬ 
tion. Corollary[2]gives a doubly-exponential upper bound on an optimal variable 
valuation. Hence, one can construct a deterministic parity automaton of triply- 
exponential size with exponentially many colors recognizing the models of the 
specification with respect to a fixed variable valuation a that is below the upper 


bound (again, see [35] for the detailed construction). Player 0 wins the parity 
game played in the original arena but using the language of the automaton as 
winning condition if and only if she has a winning strategy for the cPLTLf 
game with respect to a. Such a parity game can be solved in triply-exponential 
time [35] , 

Theorem 6. The cPLTL optimization problems for infinite games can be solved 
in triply-exponential time, if the weights are encoded in unary. 

Furthermore, the same results hold for cPLDL using appropriate adaptions 
of the automata constructions presented in [HID]. Here, we apply the require¬ 
ment on negations of cPLDLq formulas being cPLDLo formulas is applied when 
dualizing a game with cPLDLq winning condition into a game with cPLDLo 
winning condition by swapping the players and negating the winning condition. 
Without this requirement, we would not necessarily end up with a cPLDLo 
winning condition, but possibly with a non-wellformed winning condition. 

Theorem 7. The cPLDL model checking optimization problems can be solved 
in polynomial space and the cPLDL optimization problems for infinite games can 
be solved in triply-exponential time, if the weights are encoded in unary. 

However, for parameterized logics with multiple cost-functions, these results 
do not remain valid, as one cannot reduce the optimization problems to ones 
with a single variable, as a variable may bound operators in different dimen¬ 
sions. Thus, one has to keep track multiple costs, which incurs an additional 
exponential blow-up when done naively. Whether this can be improved is an 
open question. 

9 Conclusion 

We introduced parameterized tem¬ 
poral logics whose operators bound 
the accumulated cost instead of time 
as usual: cPLTL and cPLDL extend 
PLTL and PLDL to the cost-setting 
while mult-cPLTL and mult-cPLDL 
extend them to the multi-dimensional 
cost-setting. The logics we considered 
here are depicted in Figure [T| the up¬ 
per four logics were introduced in this 
work. 

All four new logics retain the 
attractive algorithmic properties of 
LTL like a polynomial space model 
checking algorithm and a doubly- 
exponential time algorithm for solving 


[mult-cPLDL] 

V \ 

[cPLDL] [mult-cPLTL] 
[PLDL] [cPLTL] 



Fig. 1. Overview over the logics considered 
in this work. 















infinite games. For cPLTL and cPLDL, even the optimization variants of these 
problems are not harder than for PLTL: polynomial space for model checking 
and triply-exponential time for solving games, if the weights are encoded in 
unary. 

However, it is open whether these problems are strictly harder for logics with 
multiple cost functions or if the weights are encoded in binary. Another open 
question concerns the complexity of the optimization problem for infinite games: 
can these problems be solved in doubly-exponential time, i.e., is finding optimal 
variable valuations as hard as solving games? Note that this question is already 
open for PLTL. Recently, a step towards this direction was made by giving 
an approximation algorithm for this problem with doubly-exponential running 
time m- Finally, one could consider weights from some arbitrary semiring and 
corresponding weighted parameterized temporal logics. 
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